Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
24/01/2024, 13:31
General
-
Target
2024-01-24_eb6ad122a9b662b43dd2c06b1e50fba0_cryptolocker.exe
-
Size
53KB
-
MD5
eb6ad122a9b662b43dd2c06b1e50fba0
-
SHA1
213dbed64777d854541c1df260369f5f51198d4c
-
SHA256
ab897479e48a4327a979716261b5e27eef2def3a494331b244aa9e01dc9cf076
-
SHA512
b52a1b022acb856f30965039d404a92c49c7a25ecbe0c8a9f9a6e401e281cd700f2519029ebedec5961cb247426ae0de837bcea13b6ed2f2d9c5cc71c73c8e35
-
SSDEEP
768:X6LsoEEeegiZPvEhHSG+gp/BtOOtEvwDpjBVaD3E09vaTiSfQaV2LN7L:X6QFElP6n+gJBMOtEvwDpjBtE1yILN
Malware Config
Signatures
-
Detection of CryptoLocker Variants 1 IoCs
-
Detection of Cryptolocker Samples 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-24_eb6ad122a9b662b43dd2c06b1e50fba0_cryptolocker.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-24_eb6ad122a9b662b43dd2c06b1e50fba0_cryptolocker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\asih.exe"C:\Users\Admin\AppData\Local\Temp\asih.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
53KB
MD5ca1a452dcab7d154095794d493478510
SHA1a6872eb97d42034a12c7c270657d05b55b76fc42
SHA2562a8d28f3374723305c6231ef0a89d3b88df5ee45728dc891e4cf2261ebe5b82d
SHA5122a6ed084b0025c34c569d4e96679c154ec79d834905578fd6f811fc912a0fb2e31b05f2d845c0354a320e2a147caacd8d3287191b7961a11c87787256f5ba262
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB